[Pkg-clamav-devel] Bug#507624: clamav: recursive stack overflow in jpeg parsing code

Michael Gilbert michael.s.gilbert at gmail.com
Wed Dec 3 02:04:33 UTC 2008

Package: clamav
Version: 0.90.1dfsg-4etch15 , 0.94.dfsg-1 , 0.94.dfsg.2-1
Severity: grave
Tags: security
Justification: user security hole

ubuntu recently issued a security notice for clamav [1] that fixes a
recursive stack overflow problem in the jpeg parsing code.  there is no CVE
id at this point, and the problem is already fixed upstream in clamav
version 0.94.2.  further details can be found in the ubuntu bug log [2].
they issued fixes insanely fast on this one (within twenty-seven hours of the
initial report) -- very commendable.

thanks for working to keep debian secure.

[1] http://www.ubuntu.com/usn/usn-684-1
[2] https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/304017

More information about the Pkg-clamav-devel mailing list